After cbf9dfb the CURLOPT_FILE no longer behaves as expected. All
redirect responses are appended to the same stream resource. This fix
reverts back to the old behavior by setting the stream pointer back to
the beginning for each subsequent redirect.
This also implements the functionality for SCORM packages, which may
have SVG images embedded within their content which require loading
directly (and are only created by users with appropriate risk flag).
It was a mistake to force filtering of SVG files in MDL-55243. It can
easily lead to corrupted SVG files.
The patch removes that forced filtering and clarifies the inline comment
of what and why we need to do.
The security problem here was that only the first and the last URL in
the redirect chain was checked by the security helper. This patch forces
the curl wrapper to always emulate cURL redirects and check every
redirect URL in the chain before actually visiting it.
Augument all installed plugin's security helper if there is any.
Plugins function has to be defined as plugintype_pluginname_security_helper in pluginname/lib.php file.
The code has been using terms that were found exclusive and potentially
derogatory. Fixing the terms and making the variables and methods
consistent with the related admin settings.
It was found out that in certain situations there may be some content
in to output handlers buffers. Let's allow that to happen given that:
* default handler's buffer is not sent as a part of the file and an
error is reported into the server log.
* other handlers' buffer is sent with the assumption that it is required
for the correct serving of the file.
Currently, PHP getimagesize method doesn't support SVG images.
As some features, such as badges, processs and optimise the images
before using them, a new filetype group has been created to exclude
SVG from there: optimised_image.
SVG can't be removed from web_image because then users won't be
able to add SVG images to their courses using labels, pages...
When you download a file directly from a Moodle form submit button,
the submit button disables when you click it, but you remain on that
page so we need to re-enable the button.
This commit causes it to re-enable once the file download finishes,
setting a temporary cookie to indicate this to the JavaScript code.
It also adds a method to disable the system on a given form by
setting data-double-submit-protection="off".
$includetoken parameter type has been changed. Now supports:
boolean: False indicates to not include the token, true indicates to generate a token for the current user ($USER).
integer: Indicates to generate a token for the user whose id is the integer value.
Also added 'history' filearea for the history report where files
will be copied to if the site has enabled this feature.
We will also be storing files in the module context, not course,
so that check was removed.
Support use of a token for access to pluginfile.php when rewriting text
content.
This is primarily intended for notifications where the user is unlikely
to be logged into Moodle when receiving the notification.
Files that are oversized could have been uploaded by a user who
can ignore the file size limits. These files should not be deleted
in these situations.
Without this change, Moodle fails to provide any data when requesting a
thumbnail for a non-image file as its looking to provide a SVG file that
doesn't exist.
text areas can now specify $options['removeorphaneddrafts'] when saving
their data using file_postupdate_standard_editor(). If set to true,
this option clears all user drafts which are not referenced in the text